@antv/ava (=3.6.0-alpha.0), @antv/gpt-vis (>=0.0.1 <=0.6.1) +31 more potentially affected by unknown CVE via @antv/l7-draw (=3.1.5)

@antv/l7-draw NPM version =3.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/l7-draw and may be impacted: - @antv/ava =3.6.0-alpha.0 - @antv/gpt-vis =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.9.9, =0.1.1, =1.0.0, =1.0.2, =1.0.2, =0.0.1, =0.0.1, =0.0....

@aligent/auth-module (>=0.0.3 <=1.0.1), @baic/preset-yolk-taro-miniprogram (>=2.1.0-alpha.0 <=2.1.0-alpha.283) +41 more potentially affected by unknown CVE via jest-date-mock (>=1.0.10 <=1.0.8)

jest-date-mock NPM version =1.0.10, =0.0.3, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.259, =2.1.0-alpha.259, =1.0.1, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =12.0.0 and more Source cves: unknown CVE...

adaptive-kmpc-py (>=0.1.0 <=0.1.1), admetica (>=1.3.0 <=1.4.1) +227 more potentially affected by CVE-2026-31221 via lightning (>=2.0.0 <=2.6.0.dev20251123)

lightning PYPI version =2.0.0, =0.1.0, =1.3.0, =1.9.0, =1.9.0, =0.1.16, =0.3.0, =0.1.0, =0.1.0, =0.8.3b20230916, =0.8.3b20230916, =1.5.1b20260510 and more Source cves: CVE-2026-31221 Source advisory: SNYK:PYTHON-LIGHTNING-16643333...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +254 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-model (>=2.0.0-M1 <=2.0.0-M5)

org.springframework.ai:spring-ai-model MAVEN version =2.0.0-M1, =0.1.0, =0.1.0, =1.21.9, =1.54.0, =0.8.0, =0.0.1, =0.1.0, =0.21.0, =0.26.0 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

360solutions-bc-mcp (=0.5.3), advanced-yaml (>=0.3.4 <=0.4.3) +299 more potentially affected by CVE-2026-44432 via urllib3 (>=2.6.0 <=2.6.3)

urllib3 PYPI version =2.6.0, =0.3.4, =0.1.0, =0.5.0, =0.24.2, =0.1.0, =0.1.0, =0.1.0, =0.5.0, =1.0.5, =26.1.0, =2.0.2, =0.45.0, =0.51.0 - auditize =0.10.0 and more Source cves: CVE-2026-44432 Source advisory: OSV:GHSA-MF9V-MFXR-J63J...

@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @claspo/common (>=5.2.1 <=7.2.0) +166 more potentially affected by CVE-2026-44966 via velocityjs (>=0.10.1 <=2.0.6)

velocityjs NPM version =0.10.1, =1.0.0, =5.2.1, =1.1.14, =14.5.0-theme.13, =16.5.0-theme.13, =14.4.1, =0.12.0, =0.0.6, =0.14.2, =1.4.0, =0.0.0, =1.0.0, =1.0.0, =0.0.1, =1.3.2, =1.4.3 and more Source cves: CVE-2026-44966 Source advisory: OSV:GHSA-J658-C2GF-X6PQ...

africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +2764 more potentially affected by CVE-2026-22745 via org.springframework:spring-webflux (>=5.0.0.RELEASE <=5.3.4)

org.springframework:spring-webflux MAVEN version =5.0.0.RELEASE, =1.1.0, =1.1.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =0.0.1, =v0.3.12, =v0.3.10, =v0.3.12, =2.1.2.RELEASE, =4.1.36, =4.1.7, =4.7.1 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 and more...

@godmode-team/godmode (=1.6.1), @growthub/cli (>=0.3.1 <=0.3.44) +8 more potentially affected by CVE-2026-41208 via @paperclipai/server (>=0.2.7 <=2026.416.0-canary.1)

@paperclipai/server NPM version =0.2.7, =0.3.1, =0.1.45, =2026.324.0-canary.0, =0.0.2, =0.2.2, =0.6.5, =0.6.6 - solounicornclub =0.3.1 - stacy-cli =0.3.1 Source cves: CVE-2026-41208 Source advisory: OSV:GHSA-265W-RF2W-CJH4...

best.skn:skn-spring-mail (>=1.0.0 <=2.4.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=7.0.0 <=8.8.1) +710 more potentially affected by CVE-2026-40477 via org.thymeleaf:thymeleaf-spring6 (>=3.1.0.M1 <=3.1.3.RELEASE)

org.thymeleaf:thymeleaf-spring6 MAVEN version =3.1.0.M1, =1.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.6.0, =7.6.0, =7.0.0, =7.0.0, =8.8.1 and more Source cves: CVE-2026-40477 Source advisory: OSV:GHSA-R4V4-5MWR-2FWR...

arches (=8.0.0a1), desktop-django-starter (=0.1.0) +31 more potentially affected by CVE-2026-4277 via django (>=6.0.0 <=6.0.3)

django PYPI version =6.0.0, =2.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =0.1.4 and more Source cves: CVE-2026-4277 Source advisory: OSV:GHSA-PWJP-CCJC-GHWG...

@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-34208 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)

@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-34208 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15909755...

5mghost-rover (>=0.0.1 <=0.0.3), a-mailx (=0.1.0) +1297 more potentially affected by CVE-2026-34515 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.0.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.6.0, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34515 Source advisory: SNYK:PYTHON-AIOHTTP-15873738...

01os (>=0.0.5 <=0.0.13), 3m (>=0.1.0 <=0.1.3) +2331 more potentially affected by CVE-2026-31826 via pypdf (>=3.10.0 <=6.7.5)

pypdf PYPI version =3.10.0, =0.0.5, =0.1.0, =0.4.1, =0.2.5, =0.0.2, =0.2.0, =1.2.27, =0.1.0, =1.2.32, =0.1.1, =1.0.0, =2.0.0 and more Source cves: CVE-2026-31826 Source advisory: OSV:GHSA-HQMH-PPP3-XVM7...

au.csiro.pathling:encoders (>=7.2.0 <=9.6.0), au.csiro.pathling:fhir-server (=7.2.0) +1279 more potentially affected by CVE-2026-24308 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.4)

org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =2.2.3 and more Source cves: CVE-2026-24308 Source advisory:...

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +1199 more potentially affected by CVE-2026-24281 via org.apache.zookeeper:zookeeper (>=3.8.0 <=3.8.5)

org.apache.zookeeper:zookeeper MAVEN version =3.8.0, =3.10.0.5, =0.1.0, =0.2.6, =0.0.33, =0.0.82, =0.0.33, =0.0.33, =0.0.33, =0.6.2, =0.6.0, =0.7.1 and more Source cves: CVE-2026-24281 Source advisory: SNYK:JAVA-ORGAPACHEZOOKEEPER-15456215...

org.apache.syncope.client.am:syncope-client-am-console (>=4.0.0 <=4.0.3), org.apache.syncope.client.am:syncope-client-am-enduser (>=4.0.0 <=4.0.3) +12 more potentially affected by CVE-2026-23794 via org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (>=4.0.0 <=4.0.3)

org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0,...

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +15 more potentially affected by CVE-2025-64087 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker (>=0.9.5 <=2.1.0)

fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker MAVEN version =0.9.5, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =1.0.4, =1.0.2, =1.0.1, =1.3.0, =1.3.0, =0.9.5, =1.0.6-1, =2.0.0-M3, =1.16.0, =1.16.2 and more Source cves: CVE-2025-64087 Source advisory:...

aleksis (>=2022.6.0.post0 <=2023.6.1), aleksis-app-alsijil (>=2.0.0 <=3.0.1) +97 more potentially affected by CVE-2025-65431 via django-allauth (>=0.24.1 <=65.12.1)

django-allauth PYPI version =0.24.1, =2022.6.0.post0, =2.0.0, =1.0.0, =2.0.0, =2.1.0, =2.0.0, =1.0.0.dev0, =0.1.0, =2.0.0, =2.0.0, =0.1.0, =2.0.0, =1.0.0, =0.1.1, =2.0.0.dev0, =2.0.0.dev2 and more Source cves: CVE-2025-65431 Source advisory: OSV:GHSA-8M3C-C723-H4P4...

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +304 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-parser-pdf-module (>=2.0.0 <=3.2.1)

org.apache.tika:tika-parser-pdf-module MAVEN version =2.0.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.0, =1.0.3.1-JDK21, =1.0.0, =1.0.0, =1.0, =1.4 and more Source cves: CVE-2025-54988, CVE-2025-66516 Source advisory: OSV:GHSA-F58C-GQ56-VJJF...